WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. Date published : 2005-07-17 http://www.kb.cert.org/vuls/id/258834 http://www.kb.cert.org/vuls/id/JGEI-6BWLWG
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration....
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. Date published : 2005-07-17 http://www.kb.cert.org/vuls/id/372797 http://www.kb.cert.org/vuls/id/JGEI-6C8Q27
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file. Date...
Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors. Date published : 2005-07-17 http://www.kb.cert.org/vuls/id/138538 http://www.kb.cert.org/vuls/id/JGEI-6BVST4
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. Date published : 2005-07-17 http://www.kb.cert.org/vuls/id/491770 http://www.kb.cert.org/vuls/id/JGEI-6BWQDQ
Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet. Date published : 2005-07-17 http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml https://exchange.xforce.ibmcloud.com/vulnerabilities/21344
Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data. Date published : 2005-07-17 http://www.securityfocus.com/bid/14246...
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name. Date published : 2005-07-17 http://marc.info/?l=bugtraq&m=112127188609993&w=2...
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such...
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file. Date published : 2005-07-17 http://www.securityfocus.com/bid/14144 http://www.debian.org/security/2005/dsa-754
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. Date published : 2005-07-17 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via...
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated...